A new release of Qualys Cloud Suite, Version 8.10.1 (this version # applies to Qualys Vulnerability Management (VM) and Policy Compliance (PC) modules), includes an updated API which is targeted for release in July 2017. The specific day will differ depending on the platform. See platform release dates on the Qualys Status page. This API notification provides an early preview into the coming API as well as updated API's that may have changes affecting current code environments, allowing you to identify use cases that can leverage this updated API. The release notes are attached at the end of this notice.

What’s NewNew Scanner Role Extended Permissions

Your subscription may now be configured to allow users with a Scanner user role to be granted these extended permissions:

- Manage virtual scanner appliances. When granted, this allows the user to create, edit and delete virtual scanner appliances from the UI and API.

- Create/edit authentication records/vaults. When granted, this allows the user to create and edit authentication records and vaults from the UI and API.

New Input Parameter for Create Virtual Scanner

When users with the Unit Manager or Scanner role create a virtual scanner appliance, they must add the virtual scanner to an asset group in their account. Simply provide the asset group ID as part of the API request.

The existing parameter “active_kernels_only” helps you identify detections related to running and non-running Linux kernels. You can now specify active_kernels_only=3 in your request to only include vulnerabilities found on running Linux kernels.

PC - Enhancement to File Integrity Checks

With this release you’re no longer required to manually set the default expected value when defining File Integrity checks. Now you can pick the “Use scan data as expected value” option in the UDC and we’ll set the expected value for you based on the actual value returned by the scan. Note that you’ll also need to select the “Auto Update expected value” option in your compliance profile.

A new release of Qualys Cloud Suite, Version 2.28 (this version # is equivalent to Web Application Scanner v5.6), includes an updated API which is targeted for release in July 2017. The specific day will differ depending on the platform. See platform release dates on the Qualys Status page. This API notification provides an early preview into the coming API, allowing you to identify use cases that can leverage this updated API. The release notes are attached at the end of this notice.

Whats New in WAS 5.6

WAS - Generating Reports using templates

With our new Reporttemplate API, you can search for existing templates as well as get the details of an existing template. You can also use templates to generate reports through API, such as web application report, scan report, catalog report, and scorecard report.

WAS - Retest findings You can now easily retest the findings for individual vulnerabilities using Finding API to test the selected finding. Only potential vulnerabilities, confirmed vulnerabilities and sensitive contents are available for retest.

WAS - Launch multiscan We've enhanced the ability to support large web application scanning programs by adding the ability to scan any number of web applications as a Multi-Scan through API. This feature enables you to scan hundreds or even thousands of web applications you may have in your organization with granular insight into what scans are running and which ones are complete.

WAS - Schedule a multiscan You can now schedule a Multi-Scan through API to run automatically, on a regular basis. This way you always have the most up-to-date security information in your account.

A Multi-Scan allows you to scan any number of web applications. This feature enables you to scan hundreds or even thousands of web applications you may have in your organization with granular insight into what scans are running and which ones are complete.

WAS - Enhanced tag selectionWe have now enhanced our support for selection of assets linked to the tags when you launch a scan, create or edit a schedule, generate or schedule a Scorecard report or Web application report. You can now tell us the tag id in the request and specify if any or all the assets associated with the tag should be included or excluded in the scan result or report.

Qualys 8.10.0.1 Release Notes

A new release of Qualys Cloud Suite, Version 8.10.0.1 (this version # applies to Qualys Vulnerability Management (VM) and Policy Compliance (PC)) includes the following fixes. This hotfix will roll out today (June 9th, 2017) across all shared platforms.

Issues Addressed

For the VM Detection API we reverted the behavior for the active_kernels_only=1 parameter and updated the documentation. Now it excludes vulnerabilities found on non-running Linux kernels. The 8.10 API Release Notes and API User Guides have been updated to reflect this change.

Scan Reports in CSV format – Now the EC2 Instance ID column will only appear when your subscription has EC2 Scanning enabled and only when the “EC2 Related Information” option isselected in the scan report template. Columns for EC2 Instance ID and EC2 metadata information now appear at the end. We also moved the columns in the CSV output for the VM Detection API. The 8.10 API Release Notes and API User Guides have been updated to reflect this change.

We fixed an issue where users were getting an error when using the show_pci_flag parameter with the KnowledgeBase Download API (/msp/knowledgebase_download.php). Also, the AUTOMATIC_PCI_FAIL tag previously described in the 8.10 API Release Notes will not appear in the XML output. This element is in the DTD but for internal use only.

We fixed an issue in the Qualys UI where the Scan List was not loading for Non-Manager users.

We fixed a link in the online help for the Cloud Agent Mac Install Guide.